I put our web server behind the Kerio firewall (6.5.2 Build 5172) but we can only connect to it internally. I've tried port mapping but I can't get it to work. Any advice would be greatly appreciated! This is very frustrating.

If your webserver is serving only websites and no need to access to Public Network (Internet) from that webserver, you don't need to create outbound rules. I mean, if you don't browse web sites (not yours) from Internet by Internet Explorer on that server. But If you are browsing web, you may create HTTP/HTTPS (or FTP, SMTP etc. whatever you need for accessing the services to Internet).

Your situation is very similar to mine. My company is using Exchange 2007 OWA (Outlook Web Access) and Outlook AnyWhere (for MS Outlook Clients) with HTTPS protocol and we are also using our own web-based application with HTTP protocol behind the KWF.

You can see our Traffic Policy rules on the image below. This setup works perfect for us.

In this screenshot, frist 3 policy was created by KWF First Run Wizard.

4th policy was created by me to allow inbound (from internet to local webserver) traffic to local webserver behind the KWF (Please notice that Source, Destination and Translation sections).

And 5th rule is Default NAT policy for allowing local users (and all of my local servers) to access Internet. As you can see, NAT policy isn't checked, that means none of my client computers and local servers are able to access to Internet. Though, everybody can access Exchange 2007 OWA and Outlook Anywhere from Internet and Local Network.

NOTE: If your webserver is also serving FTP, POP3, SMTP etc. then you should add these protocols to the 4th policy in my example.

If your webserver is serving only websites and no need to access to Public Network (Internet) from that webserver,

The webserver only needs to host our website and handle ftp. I don't need to surf the web with it. I probably should've said that better. I meant it from a communications point of view. From the server itself I was able to ping everything internal and external, and I was able to surf the web. I just couldn't ping or open the website.

Quote:

you don't need to create outbound rules.

Ok. I guess I assumed if a pc made a request to open a web page on our website, there would need to be an outgoing rule for the webserver to serve the page back to the pc.

Quote:

Your situation is very similar to mine. My company is using Exchange 2007 OWA

We are very similar! We also use Exchange 2007 OWA. That's one of the things that confused me about this whole process. I have similar rules to allow limited access to the Exchange box behind the KWF and that works fine.

I still can't get it to work. At this point I think I have tried every combination possible.

I've tried KursadOlmez's suggestions and Adjusters suggestions. I've tried both of their suggestions at the top of the traffic rules and at the bottom of the traffic rules. If I was using more than one rule I shuffled the order of the rules to see if that would help.

I put 192.168.0.3 www.website.com into the Hosts file. Then I tried 67.105.255.255 www.website.com. Nothing seems to work.

I'm not sure how to get this to work with this method. The other night I put an extra nic into the KWF computer. If I can't get this to work I'll try a DMZ off of the KWF and see what happens.

Thanks for the suggestions. If anyone has any other ideas, please let me know!

Kerio discussion forums are intended for open communication between forum
members and may contain information and material posted by members which may
be useful in learning about Kerio products. The discussion forums are not
intended to provide technical support for any specific product. Any
information implied or expressed in the discussion forums is that of the
posting member. Kerio is in no way responsible for the information posted in
the forums, or its accuracy. Kerio employees may participate in the
discussions, but their postings do not represent an offical position of the
company on any issues raised or discussed. Kerio reserves the right to
monitor and maintain the forums to promote free and accurate exchange of
information.